Cross-site scripting request forgeries
Defenses for Web Users
One browser that has incorporated this strategy is Google Chrome. Each browser tab in Chrome is actually a separate process and not a thread running within the same context as other threads (tabs). Thus, the tabs cannot interfere with each other, rendering most CSRF attacks impotent.
- Cross-Site Request Forgery (CSRF): http://www.owasp.org/index.php/Cross-Site_Request_Forgery
- Zeller, W., and Felten, E.W. "Cross-Site Request Forgeries: Exploitation and Prevention," 2008, http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf
Read full article as PDF:Security_Lessons_Cross-site_Scripting_Request_Forgeries.pdf (259.83 kB)
Version 16 of the popular Linux desktop reveals new tools, edge-snapping, and performance improvements.
Symantec says Linux-Darlioz burrows in through PHP.
Dell renews its quest for the ultimate developer machine.
Innovative back door looks like normal SSH traffic.
One of CeBITs most successful forums opens the new year with a new name. The popular Open Source Forum continues in 2014 under the name Special Conference: Open Source. This year, the forum will be bigger and offer a wider range of possibilities for sponsors.
New release offers better graphics drivers and expands filesystem support.
New mail protocol will shut out the NSA and prevent snooping on metadata.
A new web application helps users visualize distributed denial-of-service attacks.
Ubuntu 13.10 takes a step toward convergence, with lots of mobility, but Mir only partly here.
Galileo board is targeted to embedded developers and educational institutions.